Search results

Home / Search

Category:

Sort by:

Select

Types of user:

Select

11272 results

Guest

Create New Topic As guest or Sign in

Business department* About business* Organization size*

Title *

Body *

HTML tags are not allowed

Category *

Select

Assign topic to the user

Select user

Como podemos adequar nossos processos para implementar a ISO 27001?

A adequação dos processos irá depender dos controles de segurança identificados pela empresa como necessários, a partir dos resultados da avaliação de riscos e da identificação dos requisitos legais aplicáveis (e.g., leis, regulamentações ou contratos).

Por exemplo, se os resultados da avaliação de risco indicam a necessidade de cópias de segurança, os processos da organização deverão ser ajustados para considerar o tempo necessário para a realização das cópias de segurança, bem como deverão ser pensados os locais onde armazenar estas cópias.

Outro exemplo envolveria a necessidade de manipular a informação de acordo com a sua classificação. Determinados processos deverão ser adequados para que nenhuma informação seja deixa aparente caso o usuário não esteja em sua área de trabalho.

Para mais informações, veja:
- A lógica básica da ISO 27001: Como a segurança da informação funciona? https://advisera.com/27001academy/pt-br/knowledgebase/a-logica-basica-da-iso-27001-como-a-seguranca-da-informacao-funciona/
Adapting processes to implement ISO 27001

The adequacy of the processes will depend on the security controls identified by the company as necessary, based on the risk assessment results and the identification of applicable legal requirements (e.g., laws, regulations, or contracts).

For example, if the results of the risk assessment indicate the need for backup copies, the organization's processes must be adjusted to consider the time required to carry out the backup copies, as well as the places where to store these copies.

Another example would involve the need to manipulate information according to its classification. Certain processes must be suitable so that no information is left apparent if the user is not in their work area.

For further information, see:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
Quality Culture and Product Risk Assessment

Some ideas about promoting a quality culture:
- Focus on your target customers (different customer groups want and value different things and your company cannot serve all at the same time)
- Promote an outside-in approach (it’s not your outputs, it’s your customers needs)
- Measure customer satisfaction
- Promote continual improvement
- Train people
- Support all previous actions with a set of company values acting as a framework
About product risk assessment:
- Answer this question – what can go wrong with your product?
- At the end of life
- While be used by users
- While being delivered
- While being manufactured
Determine risks, and evaluate potential consequences and probability – check this free webinar on demand:
- Free webinar - How To Implement Risk Management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar-on-demand/
- Gap Analysis Question
  
  First is important to note that ISO 27001 does not require a gap analysis to be performed.
  
  Considering that, you should define a scope for your gap analysis so you can understand which kind of questions you need to consider.
  
  For example, if your gap analysis scope is Research and Development, it does not make sense to include questions related to HR or sales processes.
  
  Additionally, we do not recommend using it for companies smaller than 500 employees because it would make your implementation unnecessarily complex.
  
  You can access the ISO 27001 Gap Analysis Tool at this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/
  
  For further information, see:
  - ISO 27001 gap analysis vs. risk assessment https://advisera.com/27001academy/knowledgebase/iso-27001-gap-analysis-vs-risk-assessment/
- ISO 9001 Quality Inspection Records
  
  Do these inspection records need to be considered as controlled documents?
  Yes, those spreadsheets are documents in a digital format relevant to your management system. Once filled they became relevant records.
  Do they need to be given a document number, revision level, and approval?
  They should have an identification (can be a name or number), and they should have a way of distinguishing different versions can be a revision level in the name of the file or any other way, and there should be a way of evidencing approval, maybe an e-mail stating that from the authorized function.
  Do they need to be kept on the document control master list?
  Yes, they should be there although they are in a digital format.
- Can a certified company transfer its ISO certificate to another company?
  
  First, short answer - That is not possible.
  
  Second, exceptions – but only applicable to the same site.
  - When a company changes name.
  - When a company is bought by another company, and the certification body is informed and agrees in keeping the certificate
- Audit
  
  I’m assuming that by external audit you refer to the certification audit.
  
  Considering that, it is important to note that an internal audit is a mandatory requirement for ISO 27001 certification, so it needs to be performed before the certification audit.
  
  To perform an internal audit you should consider these steps:
  - Develop an internal audit procedure
  - Plan your audits, considering dates, criteria, and scope
  - Develop checklists to help you not forget something during the audit
  - Elaborate on the audit report which will include the non-compliances and other findings
  These articles will provide you with a further explanation of internal audit:
  - How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
  - How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
  - Practical use of corrective actions for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/
  These materials will also help you regarding internal audit:
  - ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
  - ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
  To see what internal audit documents compliant with ISO 27001 look like, please take a look at this toolkit:
  - ISO 27001/ISO 22301 Internal Audit Toolkit https://advisera.com/27001academy/iso-27001-22301-internal-audit-documentation-toolkit/
- Aruba Products
  
  Thank you!

Didn’t find an answer?

Start a new topic and get direct answers from the Expert Advice Community.

CREATE NEW TOPIC +

Search results

11272 results

Create New Topic As guest or Sign in

Assign topic to the user

Want to vote?

Como podemos adequar nossos processos para implementar a ISO 27001?

Adapting processes to implement ISO 27001

Quality Culture and Product Risk Assessment

Gap Analysis Question

ISO 9001 Quality Inspection Records

Can a certified company transfer its ISO certificate to another company?

Audit

Aruba Products

Didn’t find an answer?